An article that explains what Docker is

1. What is Docker

Docker is an open source containerization platform designed to simplify the process of developing, deploying, and running applications. It provides a lightweight, portable, and self-contained containerized environment that enables developers to build, package, and distribute applications in a consistent manner across different computers.

The following are several core concepts of Docker:

  • Container: The container is the basic deployment unit of Docker. It is a lightweight, self-contained runtime environment that contains an application and its associated dependencies. Containers use the namespace and control group (cgroup) features of the Linux kernel to achieve isolation and resource management, so that applications running in different containers do not affect each other.
  • Image: An image is a template for creating containers. It contains a complete file system, which includes all the files, dependencies and configuration information the application needs to run. Images are immutable, and multiple identical container instances can be created from one Docker image.
  • Image Registry: The image registry is a place for storing and distributing Docker images. The most commonly used public image registry is Docker Hub, which has a large number of official and community-shared images. You can also build a private image registry to store your own images.
  • Dockerfile: A Dockerfile is a text file that defines the build process for a Docker image. It contains a series of instructions for specifying the base image, installing software, copying files, configuring the environment, etc. With a Dockerfile, images can be built automatically, which ensures that they are consistent and repeatable.

Docker's strengths lie in its lightness, portability, and flexibility. By using Docker, developers can more easily create a reliable development environment, quickly deploy applications, achieve elastic expansion and service orchestration, and more. At the same time, it also provides a rich ecosystem of tools and services, such as the container orchestration tool Docker Compose and the container orchestration platform Kubernetes, making the management of containerized applications more convenient and efficient.

2. The difference and connection between Docker and virtualization technology

  • On the basis of containers, Docker has carried out further encapsulation, from file system, network interconnection to process isolation, etc., which greatly simplifies the creation and maintenance of containers. This makes Docker technology lighter and faster than virtual machine technology.
  • Docker differs from traditional virtualization as follows. Traditional virtual machine technology virtualizes a set of hardware, runs a complete operating system on it, and then runs the required application process on that system. The application process in a container runs directly on the host's kernel. The container does not have its own kernel, and there is no hardware virtualization. Therefore, containers are more lightweight than traditional virtual machines.


3. Why use Docker

As an emerging virtualization method, Docker has many advantages compared with traditional virtualization methods:

  • More efficient use of system resources

Because containers do not require additional overhead such as hardware virtualization and running a full operating system, Docker utilizes system resources more efficiently. Whether it is application execution speed, memory consumption or file storage speed, it is more efficient than traditional virtual machine technology. Therefore, compared with virtual machine technology, a host with the same configuration can often run more applications.

  • Faster startup time

Traditional virtual machine technology often takes several minutes to start application services, while Docker container applications, because they run directly on the host kernel and do not need to start a complete operating system, can start in seconds or even milliseconds. This greatly reduces the time spent on development, testing and deployment.

  • Consistent operating environment

A common problem during development is environment consistency. Because the development, test, and production environments differ, some bugs are not discovered during development. The Docker image provides a complete runtime environment except for the kernel, ensuring that the application's runtime environment is consistent, so that problems such as "this code is fine on my machine" no longer occur.

  • Continuous Delivery and Deployment

For development and operations (DevOps) personnel, the ideal is to create or configure something once and have it run normally anywhere.

With Docker, continuous integration, continuous delivery, and deployment can be achieved by customizing application images. Developers can use a Dockerfile to build images and combine them with Continuous Integration systems for integration testing, while operations personnel can quickly deploy the images directly in the production environment, or even combine them with Continuous Delivery/Deployment systems for automatic deployment.

Moreover, using a Dockerfile makes image construction transparent. This not only lets the development team understand the application's operating environment, but also helps the operations team understand what the application requires to run, so that the image can be deployed better in the production environment.

  • Easier migration

Because Docker ensures the consistency of the execution environment, it makes the migration of applications easier. Docker can run on many platforms: a physical machine, a virtual machine, a public cloud, a private cloud, or even a laptop, and the results are the same. Therefore, the user can easily migrate an application running on one platform to another without worrying that it will fail to run because the operating environment has changed.

  • Easier maintenance and expansion

The layered storage and image technology used by Docker makes it easier to reuse the repeated parts of an application, and also makes maintaining and updating the application easier. It is also very simple to extend an image further on top of a base image. In addition, the Docker team maintains a large number of high-quality official images together with various open source project teams, which can be used directly in the production environment or as a basis for further customization. This greatly reduces the cost of producing images for application services.

  • Summary of comparison with traditional virtual machines

Characteristic  | Container                                         | Virtual machine
Startup         | Second level                                      | Minute level
Disk usage      | Generally MB                                      | Generally GB
Performance     | Close to native                                   | Weaker than native
System support  | A single machine supports thousands of containers | Generally dozens

4. Several basic concepts

4.1 Images

We all know that the operating system is divided into kernel and user space. For Linux, after the kernel starts, the root file system will be mounted to provide user space support. The Docker image (Image) is equivalent to a root file system. For example, the official image ubuntu:18.04 contains a complete root file system of the minimum system of Ubuntu 18.04.

A Docker image is a special file system. In addition to providing the programs, libraries, resources, configuration and other files required by the container at runtime, it also contains some configuration parameters prepared for runtime (such as anonymous volumes, environment variables, users, etc.). Images do not contain any dynamic data, and their contents do not change after they are built.

Layered storage of images:

  • Because the image contains the complete root file system of the operating system, it is often very large, so Docker was designed to make full use of Union FS technology and uses a layered storage architecture. Strictly speaking, an image is not a single packaged file like an ISO. An image is a virtual concept: it is not made up of one file, but of a group of file systems, or in other words, a combination of multiple file system layers.
  • An image is built layer by layer, and each layer is the basis of the next. Once a layer is built, it does not change again, and any change made in a later layer happens only in that layer. For example, deleting a file from a previous layer does not actually remove it from that layer; it only marks the file as deleted in the current layer. When the final container runs, the file is not visible, but it still remains in the image. Therefore, you need to be extra careful when building an image. Each layer should contain only what needs to be added in that layer, and anything extra should be cleaned up before the layer's build finishes.
  • Layered storage also makes images easier to reuse and customize. You can use a previously built image as the base layer, and then add new layers to customize what you need and build a new image.
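The deletion behaviour described above can be reproduced without Docker. The following sketch is an added illustration, not code from the original article: it models layers as in-memory tar archives and uses the OCI layer convention of a `.wh.<name>` whiteout entry to mark a deletion. The function names and the sample file names are made up for the example, and opaque whiteouts are not handled.

```python
import io
import tarfile

WHITEOUT = ".wh."  # OCI layer convention: ".wh.<name>" marks <name> as deleted

def make_layer(files):
    """Build one layer as an in-memory tar archive from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def layer_paths(layer):
    """List the member paths stored in one layer archive."""
    with tarfile.open(fileobj=io.BytesIO(layer)) as tar:
        return tar.getnames()

def whiteout_target(path):
    """Return the path a whiteout entry deletes, or None for a normal file."""
    head, _, name = path.rpartition("/")
    if not name.startswith(WHITEOUT):
        return None
    return (head + "/" if head else "") + name[len(WHITEOUT):]

def merged_view(layers):
    """Paths a container sees after stacking the layers bottom-up."""
    visible = set()
    for layer in layers:
        paths = layer_paths(layer)
        # Whiteouts act on lower layers only, so apply them before this layer's files.
        for gone in filter(None, map(whiteout_target, paths)):
            visible = {p for p in visible if p != gone and not p.startswith(gone + "/")}
        visible.update(p for p in paths if whiteout_target(p) is None)
    return visible

def hidden_but_shipped(layers):
    """(layer index, path) for files stored in a layer but absent from the merged view."""
    visible = merged_view(layers)
    return [(i, p) for i, layer in enumerate(layers) for p in layer_paths(layer)
            if whiteout_target(p) is None and p not in visible]

# Constructed sample: layer 0 adds a key file, layer 1 "deletes" it.
SAMPLE_LAYERS = [
    make_layer({"app/main.py": b"print('hi')\n", "app/deploy_key": b"CONSTRUCTED-SECRET\n"}),
    make_layer({"app/.wh.deploy_key": b""}),
]
```

Running `hidden_but_shipped(SAMPLE_LAYERS)` reports the key file in layer 0 even though the merged view no longer lists it, which is why credentials and build leftovers must be removed in the same layer that created them.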

4.2 Containers

  • The relationship between the image (Image) and the container (Container) is like the class and instance in object-oriented programming. The image is a static definition, and the container is the entity of the image runtime. Containers can be created, started, stopped, deleted, paused, etc.
  • The essence of a container is a process, but unlike a process directly executed on the host, a container process runs in its own independent namespace. So a container can have its own root filesystem, its own network configuration, its own process space, and even its own user ID space. The process in the container runs in an isolated environment, and when used, it seems to be operating under a system independent of the host. This feature makes container-encapsulated applications more secure than running directly on the host. Also because of this isolation feature, many people often confuse containers and virtual machines when they first learn Docker.
  • As mentioned earlier, images use layered storage, and so do containers. When a container runs, the image is used as the base layer, and a storage layer for the current container is created on top of it. This layer, prepared for the container's reads and writes at runtime, is called the container storage layer.
  • The life cycle of the container storage layer is the same as that of the container. When the container dies, the container storage layer also dies. Therefore, any information stored in the storage layer of the container will be lost when the container is deleted.
  • According to Docker best practices, containers should not write any data into their storage layer, and the container storage layer should remain stateless. All file writes should use data volumes (Volume) or bind-mounted host directories. Reads and writes in these locations skip the container storage layer and go directly to the host (or network storage), which offers greater stability.
  • The life cycle of the data volume is independent of the container. When the container dies, the data volume will not die. Therefore, after using the data volume, the data will not be lost after the container is deleted or restarted.

4.3 Image registry

  • After the image is built, it can easily be run on the current host machine. However, if we need to use this image on other servers, we need a centralized service for storing and distributing images. Docker Registry is such a service.
  • A Docker Registry can contain multiple repositories (Repository); each repository can contain multiple tags (Tag); each tag corresponds to one image.
  • Usually, a repository contains images of different versions of the same software, and tags are often used to correspond to each version of the software. We can use the format <repository name>:<tag> to specify which version of the software's image we mean. If no tag is given, latest is used as the default tag.
  • Taking the Ubuntu image as an example, ubuntu is the name of the repository, which contains different version tags, such as 16.04 and 18.04. We can use ubuntu:16.04 or ubuntu:18.04 to specify which version of the image we need. If the tag is omitted, e.g. ubuntu, it is treated as ubuntu:latest.
  • The repository name often appears as a two-part path, for example jwilder/nginx-proxy. The former part often means the user name in a multi-user Docker Registry environment, and the latter often means the corresponding software name. But this is not absolute; it depends on the specific Docker Registry software or service used.
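The naming rules above (default tag latest, two-part repository paths) can be checked mechanically. The parser below is an added example, not part of the original article; its function names and the sample references are made up, and registry.example.com is a placeholder host. It treats the first path component as a registry host only when it contains a dot or colon or equals localhost, which is the heuristic Docker's own reference normalization uses, and it lists references that silently fall back to latest.

```python
DEFAULT_REGISTRY = "docker.io"  # Docker Hub, the default registry
DEFAULT_TAG = "latest"

def parse_image_ref(ref):
    """Split '[registry/]repository[:tag]' into parts, filling in the defaults."""
    if not ref or any(c.isspace() for c in ref):
        raise ValueError(f"invalid image reference: {ref!r}")
    if "@" in ref:
        raise ValueError("digest references are outside the scope of this example")
    first, slash, rest = ref.partition("/")
    # Without this check 'jwilder/nginx-proxy' would be misread as host 'jwilder'.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, remainder = first, rest
    else:
        registry, remainder = DEFAULT_REGISTRY, ref
    # Only a ':' after the last '/' separates a tag, so the port in
    # 'localhost:5000/team/app' is never mistaken for one.
    last = remainder.rpartition("/")[2]
    if ":" in last:
        repository, _, tag = remainder.rpartition(":")
        explicit = True
    else:
        repository, tag, explicit = remainder, DEFAULT_TAG, False
    if not repository or not tag:
        raise ValueError(f"invalid image reference: {ref!r}")
    return {"registry": registry, "repository": repository,
            "tag": tag, "tag_was_explicit": explicit}

def implicit_latest(refs):
    """References that name no tag and therefore resolve to 'latest'."""
    return [r for r in refs if not parse_image_ref(r)["tag_was_explicit"]]

# Constructed sample references, as they might appear in deployment files.
SAMPLE_REFS = [
    "ubuntu",
    "ubuntu:18.04",
    "jwilder/nginx-proxy",
    "localhost:5000/team/app",
    "registry.example.com:5000/team/app:1.2",
]

if __name__ == "__main__":
    for ref in SAMPLE_REFS:
        print(ref, "->", parse_image_ref(ref))
    print("no explicit tag:", implicit_latest(SAMPLE_REFS))
```

References returned by `implicit_latest` deserve review because the image behind latest can change between pulls.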

4.3.1 Docker Registry public service

  • The Docker Registry public service is a Registry service that is open to users and allows users to manage images. Generally, such public services allow users to upload and download public images for free, and may provide paid services for users to manage private images.
  • The most commonly used Registry public service is the official Docker Hub, which is also the default Registry and has a large number of high-quality official images. In addition, there are Red Hat's Quay.io; Google's Google Container Registry, which is used for the Kubernetes images; and ghcr.io, launched by the code hosting platform GitHub.
  • Accessing these services from within China may be slow for several reasons. Some domestic cloud service providers offer mirror services (Registry Mirror) for Docker Hub, and these mirror services are called accelerators. Common ones are Alibaba Cloud Accelerator, DaoCloud Accelerator, etc. With an accelerator, Docker Hub images are downloaded from a domestic address, which is much faster than downloading directly from Docker Hub.
  • There are also some cloud service providers in China that provide public services similar to Docker Hub, for example NetEase Cloud Mirror Service, DaoCloud Mirror Market, Alibaba Cloud Mirror Library, etc.

4.3.2 Private Docker Registry

  • In addition to using public services, users can also build a private Docker Registry locally. Docker officially provides the Docker Registry image, which can be used directly as a private Registry service.
  • The open-source Docker Registry image only provides the server-side implementation of the Docker Registry API, which is sufficient to support the docker command without affecting usage. However, it does not include a graphical interface or advanced functions such as image maintenance, user management, and access control.
  • In addition to the official Docker Registry, there is third-party software that implements the Docker Registry API and also provides a user interface and some advanced features, for example Harbor and Sonatype Nexus.

4.4 Dockerfile

  • A Dockerfile is a text file used to build an image; its content consists of the instructions for building the image.
  • If a folder contains a file named Dockerfile whose contents meet the syntax requirements, execute the command docker build --tag name:tag . in that folder to build an image according to the description. name is the name of the image, and tag is the version or tag of the image. If the tag is not specified, the default latest is used. Note that the command ends with a space followed by a dot.


Origin blog.csdn.net/m0_51913750/article/details/131605981